Developer Newsletter - November 2023

Romana Vasyleha

📄New Research Report: Enabling Developers to Build Secure by Design Applications

On behalf of Pangea, The Enterprise Strategy Group conducted a comprehensive online survey of software developers from large midmarket and enterprise organizations. 🔍 In this research report, we look at what’s standing in the way of developers being able to create secure applications, the impact and cost of insecure code, and how organizations can better enable devs through awareness, education and resources. 👨‍💻

CLICK TO DOWNLOAD REPORT

🤲 Help us help you!

We invite you to a short 1-2 minute survey to help us understand what Pangea services you are currently using. Please share your feedback on what’s going well and where the Pangea platform can improve. Your contribution is immensely appreciated, and it plays a crucial role in our continuous effort to create great developer solutions that help your organizations build applications that are secure by design.

CLICK TO TAKE SURVEY

🆕 Product Updates

👀AuthZ: Private Access

Our AuthZ service is now available upon request! With Pangea’s AuthZ service, you can embed authorization into any app starting with simple roles, extending into fine-grained access control, and soon annotating with real time attributes. We’d love to see what you build and understand what goes smoothly or roughly for you. Apply now to request access to AuthZ.

💻Whois General Availability!

The Whois endpoint is now generally available and ready for use in production applications. With this API you can extract historical domain information to identify newly-created and short-lived domains that are often associated with scams, malware distribution, and phishing attacks. The data provider behind this API is WhoisXML API where over 565 million domains are tracked and over 16.7 billion Whois records are stored, all of which are accessible through this API now.

📁Vault folder settings and inheritance

You now can apply settings like rotation policies and others at the folder level where those settings will be inherited by all of the items within the folder recursively. If the folder already has items within it, those items will inherit the folder settings.

🔐Vault API updates

The /update endpoint now has the reserved word inherited for settings in the request.

The /get endpoint now has a new attribute in the response, inherited_settings. It will contain a map: str → bool where, for each setting, it specifies if the setting is inherited or not.

👤Authentication Active Users Widget

There is now an active users widget that shows your current MAU count (MAU = monthly active users). This widget is on the main Authentication service landing page in the console. Use the time picker immediately above the MAU widget to select the time window you want to apply.

👇Pango’s Picks

🏆 Pangea x Hashnode Hackathon recap

We launched our latest Securathon earlier this month with our friends at Hashnode and we had an amazing amount of submissions come in. We will announce the official winner and runner ups early next month but you can browse all of the projects here.

💵 What does $5 get you these days?

$5 doesn’t seem like a whole lot these days but it sure has a lot of power on the Pangea Platform! Plus you get $5 in credits every month to use on any of our services. See how those credits can help you today.

🤫Don't expose your tokens! Use Pangea's Vault to keep them secret!

There are things that need to stay secret. Like your tokens! Here is a short video showing who visits when tokens get exposed and how to prevent it from happening.

▶️ RL webinar video replay

Thank you to those who tuned it to our webinar with Reversing Labs, where we exposed the dark side of code with file scanning & analysis. To those who were unable to attend or would like to rewatch it, you can access the recording here

GitHub Actions

So you want to add secure coding checks in your CI/CD pipeline? We've made it so that you can call Pangea API's from GitHub Actions . This means you can now:

Check for malicious URLs sneaking around in your code
Store, manage, and rotate your secrets in Pangea's Vault
Have a tamper proof log of commits with Pangea's Secure Audit Log
Anything else you can imagine doing with the Pangea API's

📚 Secure by Design Education Hub

Developers of all levels can grow their security knowledge and keep up with all the latest in cybersecurity.

Secure by Design: An introduction for developers

Secure by Design is a set of principles and approaches, rapidly gaining public interest, promoted by a large international coalition of respected government agencies. There are large benefits to this for software-developing organizations, developers, and users. This article introduces Secure by Design and describes its importance.

Introduction to Authentication

Authentication is the process of verifying the identity of a user or entity attempting to access a system or application. Robust authentication is an essential and fundamental aspect of building secure cloud applications, establishing trust between the user and the application. Applications that don’t use authentication will not know who is using the application so they will have little basis for restricting actions or holding users accountable.

Upcoming Events

Hashnode x Pangea Hackathon

Submissions for our most recent hackathon with Hashnode closed on November 15th. We received so many great projects and are almost done reviewing them! Winners will be announced very soon, so hang tight. In the meantime feel free to browse all the projects that were submitted.

re:Invent

If you are attending AWS re:Invent, make sure to come say hi to Pangea’s Dev Advocate Pranav (@snpranav) for some free stickers!

See all news & events.

More from Pangea

A big shout out to the Pangea team members who showcased the magic of our APIs across several events. And, of course, a huge thank you to the event organizers, to all who made our presence felt, and to those who cheered us on:

OWASP - DC

Dev Advocate, Pranav Shikarpur, and Marketing Manager, Michael Turner, showing off their Halloween spooky spirit and Pangea’s awesome products

GitHub Universe - SF

Our team had so much fun interacting with attendees over both days at GitHub Universe earlier this month. Check out some funny jokes they cracked along the way.

https://youtu.be/tnGlpW1Bpo4?si=rZWkBxBE1AhrREWr

DevFest - SF

CTO, Sourabh Satish, sharing insights on Pangea with developers